CVE-2025-3917 - Vulnerability Details

- 百度站长SEO合集(支持百度/神马/Bing/头条推送) <= 2.0.6 - Unauthenticated Arbitrary File Upload

Description

The 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download_remote_image_to_media_library function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Published: 2025-05-15

Score: 9.8 Critical

EPSS: 1.8% Low

KEV: No

Impact:

Action:

Analysis

Impact

The Baidu SEO Collection plugin for WordPress contains a flaw that allows attackers to upload any file without type validation. An unauthenticated attacker can place a malicious script on the server, potentially enabling remote code execution. The flaw falls under CWE‑434 and can compromise the entire site if exploited.

Affected Systems

WordPress sites using the Baidu SEO Collection plugin, versions up to and including 2.0.6, are impacted. The plugin is identified by the vendor product name kelerkgibo:SEO合集. Sites that have not applied a later version are susceptible.

Risk and Exploitability

The vulnerability carries a CVSS score of 9.8, indicating critical severity, and an EPSS score of 2%, suggesting that while exploitation is possible, it is not yet widespread. Attackers can reach the vulnerable functionality without authentication, upload arbitrary files via the download_remote_image_to_media_library routine, and if the file is executable, run arbitrary code. The issue is not listed in CISA’s KEV catalog but remains a high‑risk concern for exposed WordPress installations.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

kelerkgibo

SEO合集(支持百度/Google/Bing/头条推送)

unaffected

Version	Status	Constraints
`0`	affected	≤ 2.0.6

No data.

Vendor	Product	Confidence	Versions
Wordpress	Wordpress	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Baidu SEO Collection plugin to the latest version (≥ 2.0.7) that includes the file type validation fix; if no update is available, uninstall the plugin.
If the plugin must remain active, configure the web server or WordPress to reject file uploads of executable types (e.g., .php, .phtml) and set the upload directory’s permissions to non‑executable.
Enable logging of file uploads and monitor for suspicious activity, blocking offending IP addresses or sources.

Generated by OpenCVE AI on April 21, 2026 at 20:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-14953	The 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download_remote_image_to_media_library function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01817.

Exploitation none

Automatable yes

Technical Impact total

References

Link	Providers
https://plugins.trac.wordpress.org/browser/baiduseo/tags/2.0.6/inc/index/youhua.php#L371
https://plugins.trac.wordpress.org/changeset/3293597
https://wordpress.org/plugins/baiduseo/
https://www.wordfence.com/threat-intel/vulnerabilities/id/70361501-8adc-499a-91d2-cf91fab5934a?source=cve

History

Wed, 08 Apr 2026 17:45:00 +0000

Type	Values Removed	Values Added
References		https://plugins.trac.wordpress.org/changeset/3293597

Thu, 15 May 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 15 May 2025 03:45:00 +0000

Type	Values Removed	Values Added
Description		The 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download_remote_image_to_media_library function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Title		百度站长SEO合集(支持百度/神马/Bing/头条推送) <= 2.0.6 - Unauthenticated Arbitrary File Upload
Weaknesses		CWE-434
References		https://plugins.trac.wordpress.org/browser/baiduseo/tags/2.0.6/inc/index/youhua.php#L371 https://wordpress.org/plugins/baiduseo/ https://www.wordfence.com/threat-intel/vulnerabilities/id/70361501-8adc-499a-91d2-cf91fab5934a?source=cve
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Subscriptions

Wordpress Wordpress

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2025-05-15T03:21:38.842Z

Updated: 2026-04-08T17:00:18.944Z

Reserved: 2025-04-24T10:22:46.708Z

Link: CVE-2025-3917

Vulnrichment

Updated: 2025-05-15T14:22:23.556Z

NVD

Status : Deferred

Published: 2025-05-15T04:16:12.617

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-3917

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T21:00:35Z

Weaknesses

CWE-434

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object